#!/bin/bash
openssl req -new -sha256 \
    -key mycert.key \
    -subj "/C=CN/ST=Hubei/L=Wuhan/O=Baosteel/OU=Automobile/CN=izbp11224b1elzn0hvxs2xz" \
    -reqexts SAN \
    -config <(cat /etc/pki/tls/openssl.cnf \
        <(printf "[SAN]\nsubjectAltName=DNS:jt.whxukang.cn")) \
    -out mycert.csr

$ openssl ca -in mycert.csr \
    -extensions SAN \
    -config <(cat /etc/pki/tls/openssl.cnf \
        <(printf "[SAN]\nsubjectAltName=DNS:jt.whxukang.cn")) \ 
    -out mycert.crt

#check
openssl x509 -text -noout -in mycert.crt